Date: 2016-11-29
Since the beginning of this weekend hundreds of thousands of
Deutsche Telekom customers in Germany have been suffering as a
result of network outages which appear to have happened as a
result of a massive distributed denial of service (DDoS)
attack.
Deutsche Telekom has said in a statement that as many as
900,000 customers, as much as 4.5% of its 20 million fixed-line
customer base, have suffered internet outages that started on
Sunday and are still occurring, although the number of affected
users has begun to decline sharply.
Thomas Tschersich, Deutsche Telekom's IT Security chief,
told the newspaper Der Tagesspiegel that the outages appeared
to be linked to a botched attempt to turn a sizeable number of
customers' routers into part of the Mirai botnet.
The attack left victims without internet access over the
weekend. According to Deutsche Telekom, this is the second
massive attack on their internet-connected devices since
earlier in October this year.
"In the framework of the attack, it was attempted to turn
the routers into a part of a botnet," Tschersich told a Berlin
newspaper, referring to the network devices customers use to
connect to the internet for phone, data and TV services.
Mirai is malicious software designed to turn network devices
into remotely controlled "botnets" that can be used to mount
large-scale network attacks. Last month, hackers used it to
unleash an attack using standard devices such as webcams and
digital recorders to cut internet access to some huge
websites.
Deutsche Telekom has said it will be reviewing its business
relationship with the supplier of its Speedport routers,
Arcadyan, following the outage. It offered firmware updates on
Monday to three models, all of which are made by Arcadyan
Technology.
Stephen Gates, chief research intelligence analyst at
NSFOCUS, said: "Most people don’t know that all broadband
service providers have ensured they have backdoors into ‘their’
customer-edge devices, which can be cable modems, DSL modems,
routers, etc. The reason for this is simple. It ensures
people don’t get services for free, while at the
same time allowing the provider access into the remote devices
for troubleshooting, updating, billing, etc. This helps
reduce associated costs. In this case, it appears that hackers
have figured out a way to capitalise on the backdoor, and cause
a noteworthy denial of service outage."
That the outage appears to stem from Deutsche Telekom’s lack of
security awareness in attempting to leave a ‘back door’ open
will enrage its users.
This theory was bolstered by comments from Alex Mathews, EMEA
technical manager at security specialist Positive Technologies,
who told us: "Whether this attack could have been
prevented depends on what type of vulnerability was used to
infect the routers. For example, Mirai botnet code was not too
serious: the malware was looking for gadgets with well-known
default passwords (admin: admin, root: password, and so on). If
people had just changed these default passwords, their routers
would not have been infected. On the other hand, the malware
authors can use a more serious, unknown vulnerability in routers'
firmware or in communication protocols. In this case, users
can hardly do anything to protect themselves. Only serious
security tests can detect such a vulnerability. It should be done
by service providers and by the manufacturers of the routers.
However, unfortunately, they do not do enough safety
testing."
Global Telecoms Business asked Deutsche Telekom for a comment;
however, at the time of publishing we had not heard back from
its spokesperson.